The Official Blog of the Institute of International Shipping and Trade Law
Author: Associate Professor Andrew Beale OBE
Previously our Acting Head of College Andrew joined us in 2004 as the Director of IP Wales®, our £4m award winning business support initiative.
Originally the Head of Swansea Law School (University of Wales Trinity Saint David) Andrew became the Director of the Swansea Intellectual Property Rights Initiative in 1999. In recognition of its support for Small & Medium Enterprise (SME) use of the IP system the Swansea IPR Initiative became the Winner of the Wales one-2-one Best 4 Business Award in 2000. Andrew was responsible for designing and launching IP Wales® in 2002. IP Wales® was the recipient of the Judges Special Prize at the WORLDLeaders European Awards in 2004. Under Andrew’s leadership over 800 businesses have been assisted to make informed commercial choices about their IP assets helping them to capture and protect over 220 patents, 70 trade marks and 10 design registrations around the World. Support was furnished to over 25 licensing deals (licensing-in & licensing-out) facilitating the commercial use of intangible assets by integrating an intellectual assets (IAs) strategy within the overall business plan.
In recognition of his success in raising levels of awareness and understanding of IP amongst the SME community in Wales Andrew was seconded from 2008-9 to work for the World Intellectual Property Organization (WIPO). Whilst at WIPO Andrew co-organised and presented at the ‘WIPO Forum on Intellectual Property & SMEs for IP Offices of OECD and EU Enlargement Countries’ (2008) in Cardiff, one of the few occasions this prestigious event has been hosted outside Geneva. Andrew achieved National recognition for ‘services to intellectual property and business in Wales’ with the award of an OBE by the Queen under her Birthday Honours List 2009. International speaking invitations have included presenting to the World Intellectual Property Organisation, the World Trade Organisation, the European Commission and the European Patent Office.
Andrew remains as the Director of IP Wales® and was responsible for the validation of our new LLM programme in Intellectual Property and Commercial Practice. Andrew is the module leader for International Intellectual Property Law, the Law of Intellectual Assets Management & Transactions and also lectures 'Oily IP' on our new LLM in Oil & Gas.
Giving judgement in the Court of Appeal case Shenzhen Senior Technology Material Co Ltd v Celgard, LLC  EWCA Civ 1293 Lord Justice Arnold has shone a further light on the UK Trade Secrets (Enforcement, etc.) Regulations 2018 (SI 2018/597) [TSR].
Dividing his analysis into pre/post the EU Trade Secrets Directive (EU Dir. 2016/943) Arnold LJ noted, “under English law prior to the implementation of the Trade Secrets Directive, trade secrets constituted a particular category of confidential information. The principal distinguishing characteristic of trade secrets, as opposed to other forms of confidential information, was that a former employee could be restrained from using or disclosing their former employer’s trade secrets after the termination of the employment”. 
“The Trade Secrets Directive harmonises the protection against the unlawful acquisition, use and disclosure of trade secrets in the European Union. It is not an exhaustive harmonisation: Article 1(1) provides that Member States may provide for more far-reaching protection than that required by the Directive provided that compliance with a number of provisions of the Directive is ensured. Thus the Directive provides both a floor and a ceiling.”
Moreover, it was noted that whilst TSR might implement the Trade Secrets Directive, it does not transpose Articles 3, 4 or 5 of the Directive.
Turning to the “curious provision” of Regulation 3 Wider Protection, Arnold LJ surmised “… it appears to be primarily intended to ensure that, if and in so far as English law prior to the implementation of the Trade Secrets Directive was more favourable to the trade secret holder…then that greater level of protection shall continue to be available…”.
Conversely it was noted that Regulation 3 does not appear to address the position if the Directive confers greater protection than English law did previously. In such a situation the solution advocated by Arnold LJ would be to interpret and apply TSR consistently with the Directive and again offer the trade secret holder the higher protection.
Trailfinders v Travel Counsellors  EWHC 591 (IPEC) represented the first opportunity for judicial scrutiny of the UK Trade Secrets (Enforcement, etc.) Regulations 2018 (SI 2018/597).
The approach adopted by HH Judge Hacon was provisions of the EU Directive on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure (EU Dir. 2016/943), especially Chapter II and Articles 6, 7 and 16, had already been implemented – without the need for these Regulations – into our law under common law and equity. Hacon J accordingly, “assumed that the substantive principles governing the protection of confidential information under English law, including that afforded by terms implied into contracts of employment and by equitable obligations of confidence, are unaffected by the Directive. However, the Directive shines an occasional light on those principles.” [para.9]
In particular, Hacon J found,”the best guide tothe distinction between information which is confidential and that which is not is now to be found in the definition of ‘trade secret’ in Article 2(1) of the Directive 2016/943.” [para.29]
This would imply that the established three stage common law test for confidentiality of: (1) the information itself must have the necessary quality of confidence; (2) the information must have been imparted in circumstances importing an obligation of confidence (either expressly, or which ought reasonably to have been understood by the recipient) and; (3) there must be an unauthorised use of that information to the detriment of the rights holder; now needs to be updated in line with the new statutory definition of a ‘trade secret’ being information which: (1) is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among, or readily accessible to, persons within the circles that normally deal with the kind of information in question; (2) has commercial value because it is secret, and; (3) has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret.
However, the difficulties inherent within this interplay between the new statutory definition of a ‘trade secret’ and the old common principles of confidentiality can be illustrated by Hacon J’s legal treatment of the two terms, ‘secret’ and ‘reasonable steps’.
The preamble to the EU Trade Secrets Directive makes clear that its definition, “excludes trivial information and the experience and skills gained by employees in the normal course of their employment, and also excludes information which is generally known among, or is readily accessible to, persons within the circles that normally deal with the kind of information in question.” [para.14]
Mr La Gette and Mr Bishop as the defendants in this case had argued that Trailfinder’s information on clients’ names, nationalities, interests, contact details and past bookings was already in the public domain and was therefore ‘readily accessible’ to them. Trailfinders held this client information on two systems: Viewtrail was an online portal used to record booking details and Superfacts was a software system which recorded information about clients. Bishop had admitted using the Superfacts system to assemble, for about six months before he left Trailfinders, a ‘contact book’ about clients and both he and La Gette admitted accessing Viewtrail after they had left Trailfinders.
Hacon J took the view that the Trailfinder information had met the statutory threshold for being ‘secret’ but went further adding, “Lewison LJ observed in Force India Formula One Team Ltd v Aerolab Srl  EWCA Civ 780;  RPC 36 (with whom Briggs LJ and Sir Stanley Burton agreed): “It is certainly not a defence [to an allegation of breach of confidence] that the person in breach of confidence could have obtained the information elsewhere if he did not in fact do so.” (at ) [para.35]
Wearing the ‘clean hands’ spectacles demanded of equity Hacon J felt able to find that although, “[T]he protection may not have been as rigorous as it should have been [but] Trailfinders clearly took steps to ensure that the Client Information was not openly available to anyone by requiring the use of a password or, in the case of Viewtrail, limiting access to information to clients only if their name and booking reference was known”. [para.73]
This approach would appear to be at variance with that adopted by judicial counterparts in the USA, who, whilst not requiring of perfection, on the whole would take a dim view of any failure on the part of a holder of trade secrets not to identify and label confidential information as such, nor take any steps to restrict ex-employee online access. It is worthy of note that the origins for the broad definition for a ‘trade secret’ under the UK Regulations ultimately lies within American jurisprudence, where State and now Federal Courts have had decades of experience in its interpretation.
The issue may lay in the fact that Hacon J categorised the confidential information at play in this case as class 2 information acquired during the normal course of employment which remains in the employee’s head and becomes part of his own experience and skills (not class 3 information, namely specific ‘trade secrets’ requiring of a higher degree of confidentiality) – see Goulding J’s classification in Faccenda Chicken Ltd v Fowler  1 All ER 724, albeit the Court of Appeal ultimately differed with Goulding J’s analysis of where to draw the line between classes 2 and 3. This begs the unanswered question, would Hacon J have demanded more in the way of ‘reasonable steps’ from Trailfinders had he categorised the confidential information as class 3?
Given the EU Trade Secrets Directive does not replace English common law, the overall effect was said to be that a UK trade secret holder could apply for remedies under the common law of confidentiality either in addition, or as an alternative, to the remedies provided under the Trade Secrets Regulations (i.e. in instances where the English common law provided for ‘wider remedies’ – Regulation 3). It will be interesting to see in the future whether our more senior judicial brethren continue to follow Hacon J’s approach of an interplay between the two. But for the time being at least the new Trade Secrets Regulations, and Regulation 2 in particular, can (merely) be viewed as an aid to common law interpretation, illuminating what information now has ‘the necessary quality of confidence’ under both classes 2 and 3, as categorised in the Faccenda Chicken case.
Readers of the latest Raconteurs IP Report may be sobered to learn that 28% of IP, Cyber and risk professionals say their “company has experienced a material IP incident over the past two years” – with 42% of those involving trade secrets, as compared to 26% copyright and 24% patents.
The Report goes on to cite the case of Uber acquiring the self-driving startup Otto in 2016. Ben Edwards notes, “[I]t thought it was hiring some of the industry’s smartest engineers; what Uber also purchased was a lesson on the importance of intellectual property.” It transpired Otto’s founder, Anthony Levandowski, had downloaded files from his previous employer, Waymo, before his leaving – a fact Uber had overlooked as part of their acquisition due diligence. Whilst Uber claimed not to have received or used any of Waymo’s trade secrets it ended up paying $245 million in legal settlement.
Tilman Breitenstein (IP Group Leader, BASF) comments in the Report, “There are not many companies that do have a solid trade-secrets programme in place; even if they know they have something, they lack the skills and knowledge of how to protect it…Startups and smaller companies often have a higher fluctuation of staff and that makes it much more difficult for those businesses to protect their trade secrets. They also need to attract investors, which means going out and talking about their business, which also puts them at higher risk.”
The growing importance of considering trade secrets as part of a wider IP strategy for the business is amplified by Maria Anassutzi (IP Lead European Counsel at Canon) in the Report,”[S]ometimes an IP strategy is just thought of as a patent strategy, but it is much more than that.” The Report goes on recognise one common mistake companies make is, “not aligning their IP strategy with their overall business strategy.”
Intellectual property is the area of law used by commercial entities to differentiate their goods and services in the marketplace. One of the ways this differentiation can be achieved is through branding, protected via trademarks. Indeed, one of the essential criteria for a trademark is a sign capable of distinguishing goods and services as a “badge of origin” for consumers.
Richard and Maurice McDonald from San Bernardino, California may have been experts at churning out hamburgers and French fries quickly, cheaply and consistently under their “Speedee Service System”, but they had little if any regard for intellectual property. Working with local craftsmen they invented a new spatula, dispenser (squirting the same amount of ketchup and mustard every time) and rotating platform to speed up the assembly of the burger, bun and condiments, none of which enjoyed patent protection or were appreciated for their trade secrets potential. It was left to the more IP astute Ray Kroc, their milkshake machines salesman, to encourage and expand their domestic franchising operation under the protection of trademarks. After purchasing the McDonald brothers’ equity in the company, Kroc used his control over the trademarking portfolio as the springboard for the global franchising operation we all know today. Ultimately driven out from the fast-food industry by the very business that bore their family name, the McDonald brothers’ story is a salutary lesson in IP astuteness.
UK company number 07033553 tells the tale of two even more famous brothers. Incorporated in 2009 as “The Foundation of Prince William and Prince Harry” following the marriage of Prince William it went on to become “The Royal Foundation of the Duke and Duchess of Cambridge and Prince Harry” in 2012, and following the marriage of Prince Harry “The Royal Foundation of the Duke and Duchess of Cambridge and the Duke and Duchess of Sussex” in 2018. But after Prince Harry disclosed in an ITV documentary that he and his older brother were on “different paths” the company has since reverted to “The Royal Foundation of the Duke and Duchess of Cambridge” (from the 6th September 2019). This company has been IP astute in applying for/registering trademarks to protect its name, as well as “The Royal Foundation” brand. In addition to the UK, trademark protection has been secured as far afield as Australia, Canada and Europe.
The recent decision of the Duke and Duchess of Sussex to withdraw from royal duties may have created a “mini-abdication crisis” but with speculation now turning towards likely future commercial dealings, their trademarking activities are now coming to the fore. So what insights do these trademarking activities offer?
The Duke and Duchess of Sussex have been Directors of “Sussex Royal the Foundation of the Duke and Duchess of Sussex”, a private limited company by guarantee (Company Number 12077679) since its date of incorporation on 1st July 2019. Two UK trademark applications have been made on behalf of this company for “Sussex Royal” as well as protecting the company name.
Following the announcement of the withdrawal from royal duties, two further applications have also now been made under the Madrid system (the system for registering international trademarks in up to 90 countries) in respect of the company name and the brand “Sussex Royal”. It is reported that international trademark applications have been filed under these applications for Australia, Canada, Europe and the United States.
Comprehensive monopoly rights are being claimed
Legal protection has been sought and registered for the Duke and Duchess of Cambridge under “The Royal Foundation” for:-
Clothing, footwear, headgear.
Charitable fund raising; management of charitable funds; financial grant making.
Educational activities; cultural activities; organising of events; publishing, including electronic publishing.
Licensing of intellectual property.
In comparison “Sussex Royal” seeks to duplicate all of these and far more:-
Printed matter; instructional and teaching materials; printed educational materials; printed publications; books; educational books; textbooks; magazines; newspapers; newsletters; periodicals; printed reports; fact sheets; brochures; programmes; booklets; pamphlets; leaflets; manuals; journals; diaries; calendars; posters; art prints; notebooks; postcards; greeting cards; paper and cardboard; photographs; stationery and office requisites, except furniture; artists materials; pens; pencils; book marks; activity books.
Campaigning; promotional and public awareness campaigns; marketing and promotion of charitable campaigns; promoting charitable fundraising events; developing charitable campaigns for others; developing and coordinating volunteer projects for charitable purposes; providing volunteering opportunities and recruitment of volunteers; organising and conducting community service projects; information, advisory and consultancy services relating to the aforesaid services, all of the aforesaid services also provided online via a database or the Internet.
Charitable fund raising; management of charitable funds; financial grant services; financing of projects; charitable foundation services, namely, providing fundraising activities, funding, scholarships and/or financial assistance to those in need; charitable collections; management of charitable funds; information, advisory and consultancy services relating to the aforesaid services, all of the aforesaid services also provided online via a database or the Internet.
Education; providing of training; sporting activities; cultural activities; arranging and conducting educational events; arranging and conducting of conferences, conventions, exhibitions, classes, lectures, seminars and workshops; organisation of webinars; health and wellness training; education and training relating to nature, conservation and the environment; organising youth training schemes; career and vocational counselling; training relating to employment skills; personal development training; team building (education); organising sporting events and competitions; sports coaching services; providing sports facilities; training of sports coaches; arranging and conducting cultural events; arranging and conducting of entertainment events for charitable purposes; social club services for entertainment purposes; arranging and conducting award ceremonies; publishing; electronic publishing; non-downloadable electronic publications; news reporting; information, advisory and consultancy services relating to the aforesaid services, all of the aforesaid services also provided online via a database or the Internet.
Social care services namely organising and conducting emotional support groups; counselling services; emotional support services; provision of personal support services to help, care for and support persons in need, namely companionship services; charitable services, namely mentoring and personal care services; licensing of intellectual property; information, advisory and consultancy services relating to the aforesaid services, all of the aforesaid services also provided online via a database or the Internet.
We await the outcome of these applications, but for the time being at least in those areas (as underlined above) where the work of the respective Foundations overlap consumers should view “The Royal Foundation” as the brand of the Duke and Duchess of Cambridge and “Sussex Royal” the new future brand of the Duke and Duchess of Sussex.
Yesterday’s headline (above) in the Sunday Times is a timely reminder to UK business about the importance of “trade secrets data” as an intellectual asset and the need for clarity as to its meaning.
Up until the Trade Secrets (Enforcement, etc.) Regulations 2018 [the new Regulations] the UK had no statutory definition for what constitutes “trade secrets data”. The common law had previously used the term in one of two ways, either for post-employment restraints legitimately imposed on former employees or meaning technical/business data imparted to the recipient under an express or implied obligation of confidentiality.
In an attempt to catch-up with legislative protection in the USA and Japan, the EU Commission introduced Directive 2016/943 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure. This Directive used the definition for “trade secrets data” provided for under Article 39.2 of the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPs), implementing which the new Regulations state at Section 2 that a “trade secret” constitutes data which:-
“(a) is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among, or readily accessible to, persons within the circles that normally deal with the kind of information in question, (b) has commercial value because it is secret, and (c) has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret;” (emphasis added)
The preamble to the Directive makes clear secret “excludes trivial information and the experience and skills gained by employees in the normal course of their employment, and also excludes information which is generally known among, or is readily accessible to, persons within the circles that normally deal with the kind of information in question.” Further, that data has a commercial value, “where its unlawful acquisition, use or disclosure is likely to harm the interests of the person lawfully controlling it, in that it undermines that person’s scientific and technical potential, business or financial interests, strategic positions or ability to compete.”
However, there is no definitive guidance on what constitutes reasonable steps under the circumstances, although there would seem to be an expectation within the wider legal community that SMEs will not be put to the same legal standard as larger more resourceful corporations (see Trade Secrets – reasonable steps, published in the Journal of the Chartered Institute of Patent Attorneys October 2019 / Volume 48 / Number 10 at 18).
What is clear, however, is the new Regulations offer no protection to UK businesses under the criminal law. Whereas the U.S. Defend Trade Secrets Act 2016 may make it a federal offence to steal trade secrets data, such data is unlikely to even be considered as “property” within the meaning of the UK Theft Act 1968.
The article addresses the reintroduction of the Active Cyber Defense Certainty Act (ACDC) to the 116th U.S. Congress in June 2019 and concludes with the call for a common platform to be agreed on the more aggressive defensive cyber actions (hacking back/Offensive Cyber/legal right to bear cyber arms) that SMEs should and should not be permitted to conduct in defence of trade secrets.
The latest report from the EUIPO and Europol on IP Crime threats assessment makes clear that such threats are viewed as limited to instances of piracy and counterfeiting. Important as these criminal activities may be to threaten the health of our economy such a limited approach is at odds with American jurisprudence where, ”the threat of trade secrets theft to U.S. corporations conducting business internationally is a well-recognized and extensively documented phenomenon”, and “top intellectual property priority” for investigation by the FBI. The United States Trade Representative’s Special 301 Report (2018) goes further by identifying a failure to adequately protect trade secrets by trading partners as a key area of concern, given U.S. government recognition that “trade secrets may constitute the most critical intellectual property assets” for U.S. corporations.
It was for this reason that the U.S. government reported it had been, “extremely active in Brussels in support of the EU trade secrets directive” (2016), using its co-chairmanship of the Transatlantic IPR Working Group to push ”this topic to the forefront on EU action on intellectual property matters”, albeit this legislative initiative was ultimately only limited to the civil law domain.
Work undertaken by the OECD in 2014 recognises that the U.S. leads the world in the legal protection of trade secrets, with the UK struggling to stay above the average – behind the legal jurisdictions of Canada, Lithuania, Spain, Japan, Netherlands, Ireland, Israel, New Zealand, Hong Kong (China), Singapore and Australia. A UN Conference on Trade and Development Report (2011) confirmed over 50% of global trade in services is now undertaken online, with a global fraud report (2010) recording incidents of data theft now surpassing that of physical theft. One area of primary concern highlighted by U.S. Secretary of State Hillary Rodham Clinton in 2012 was,”emerging powers are putting economics at the centre of their foreign policies” and making commercial cyber espionage a central part of their policy toolbox.
During his presidential campaign candidate Trump highlighted the blue-ribbon panel report into the Theft of American Intellectual Property, the updated version of which cites estimates of the value of trade secret theft as between 1% to 3% of GDP. It is sobering to note the Director of the European Centre for International Political Economy would point out, “there is no evidence or indication that cyber espionage against European firms is any lesser in scale than against other countries,” offering an estimation of “the cost of cyber espionage to Europe at 55 billion euros annually (and placing) 289,000 jobs at risk.”
Whereas the UK government would advocate that the solution lies with firms enhancing their own cybersecurity protection, such an approach is likely to become increasingly unrealistic as a holistic solution in the emerging 5G/Industry 4 era, where decades of R&D are susceptible to being ‘hacked’ at the click of the mouse. Calls for parity of criminal law protection with SME counterparts in the U.S. can only be expected to grow within the UK.
With the UK providing notice to leave the EU and looking to build upon its current trading position with the U.S. a parity of criminal law protection against trade secret theft can only offer some reassurance to the U.S., with a trading partner which is currently said to offer better criminal law protection for the boardroom table than the theft of boardroom secrets (Alan Campbell QC 1967).
Welcome though such a legislative initiative might be for our vulnerable SMEs, Europol has already reported that national criminal legislation cannot of itself provide a unilateral solution. With TRIPS now nearing a quarter of a century of operation there are reassuring signs that the U.S., Japan and EU are starting to form a ‘coalition of the willing’ to work together on the margins of the TRIPS Council to elaborate upon the nature of the legal protection to be afforded under Article 39, with a special emphasis on SMEs (side event 9th November 2016).
Europe has been at the vanguard of developments for the legal protection of personal data, the question is whether the appetite now exists to extend the legal protection for valuable commercial data by using the criminal law.
Delighted to see cybersecurity identified as one of the urgent
global legal challenges to be addressed under the Hillary Rodham Clinton
Scholarship programme just launched by Sky and Swansea University (see
No understanding of innovation is complete without an understanding of intellectual property law and as Alec Ross, Senior Advisor for Innovation to Hillary Clinton when Secretary of State, states in his work The Industries of the Future (2016), “We all want the liberty that comes with a vibrant online life, but liberty without security is fragile, and security without liberty is oppressive. The years ahead will force us to balance these two as we have not had to before.”
Sky and Swansea University today announced the first ever global Hillary Rodham Clinton Scholarship programme.
The scholarships will support the next generation of leaders committed to addressing urgent global challenges, including the rights and protection of children online, the climate crisis and cybersecurity.
Each of the scholars will be selected over the summer and
granted a fully-funded, postgraduate, one-year scholarship at Swansea
University, starting in the autumn.
Launching the Hillary Rodham Clinton Global Challenges Scholarship, Secretary Clinton said: “I’m delighted that this partnership between Sky and the School of Law at Swansea will be able to achieve something truly unique, with an urgency that the challenges we face today demand. The programme is a modern, flexible approach which combines the rigour of academic excellence with practical, real world impact. These scholars will embody our shared values of working together across disciplines and geographic boundaries to improve conditions and opportunities for all, and especially for women, children, the marginalised and the disenfranchised.”
Chief Executive, Jeremy Darroch said: “We are honoured to
be the inaugural partner for the Hillary Rodham Clinton Global Challenges
Scholarship and are immensely proud to support a programme so committed to
building a better tomorrow.
“As a society we face a number of global challenges and as
a responsible business we recognise the importance of using our reach and voice
to make a difference in addressing these, making an impact in the wider world,
and helping others do the same. I look forward to welcoming the scholars to the
Sky family and exploring the good we can do together.”
of the Hillary Rodham Clinton School of Law at Swansea University, Professor
Elwen Evans QC, said: “This is a wonderfully exciting
initiative and we are delighted to be working with Sky. These scholarships will
support the delivery of a transformational programme and we hope that our
students will be outward-looking in addressing the big issues. If we are to
tackle the major challenges, such as climate, security, protecting children
online, and inequality, we require innovative thinking and leadership, and a
sustained commitment to transnational cooperation and collaboration.
“This programme capitalises on the considerable research expertise within the Hillary Rodham Clinton School of Law in order to provide students with an incredible opportunity to undertake study into areas of global challenge, and to be equipped with the skills to undertake legal research and to effectively advocate for transformational change to law, policy and practice.”
Reading the IP Wales SME Guide to IP Cybersecurity, underpinned by Beale A., Ratcliffe S., Tettenborn A., The Protection of Data in our Digital Age  Journal of Business Law, Issue 6, 2017 p.461-472, has resulted in each of the following businesses seeking to adopt new methodologies and processes to protect their online commercial activities:-
Benchmark Skincare Limited (Managing Director: Peter Friswell) “By seeking to be certified for Cyber Essentials will enable our business to become “GDPR compliant, protect itself from phising emails, protect itself from external cyberattacks, creating an effective and robust backup data storage process.”
Boyns Information Systems (Director: Robert Boyns) “Reading the IP Wales SME Guide to IP Cybersecurity helped increase our awareness on the importance of cybersecurity in the field intellectual property. As a result, we have adopted new methodologies and processes to allow Boyns Information Systems to grow our cybersecurity infrastructure, whilst protecting us from online harm. Being awarded the IP Wales grant assisted our bid to achieve the Cyber Essentials Plus accreditation, preparing us more fully to mitigate any cyberattack.”
Cadmhas Limited (Director of Services: Elfed Williams) “We are a registered charity and company limited by guarantee and as the Director of Services of CADMHAS I have a duty of care and responsibility to both my Directors, Staff and Service Users that we mitigate the threat of a Cyber Attack. I have spoken to our suppliers Boyns Information Systems Ltd., and they have assured me that by following the 5 pillars of the Cyber Essentials Scheme this will help towards my goal of having a system secured to government guidelines. By having the certification and adhering to it, I will be able to focus on the development of our day to day operations and plan towards the future with a good IT foundation to move forward.”
Castell Howell Foods Limited (Head of IT: Paul Rankin) “Having read the IP Wales SME Guide to Cybersecurity, we decided to increase our protection to Cyber Essentials Plus to reduce the risk of being infiltrated or having data breaches in line with GDPR. With an ever-increasing rise in cybercrime it makes sense to do as much as we can to prevent attacks on our company. I can honestly say that I feel much more confident in our security now and would highly recommend others to carry out this process. Thanks again for considering us for the funding, much appreciated.”
CCTV Wales Limited (Compliance Supervisor: Steve Gallagher) “…to ensure that all customer data and company information is properly protected allowing the company to enhance their service and support Cybersecurity in the area.”
David W.Harris & Co. Solicitors (Practice Manager: Neil Startup) “We are now in the process of undertaking risk analysis and management relating to cyber security. We have updated our internal governance to include more detail on IT security, such as: maintenance of an asset register to include the addition or removal of any assets, Updated IT security and systems policies, Implementation of remote access control, Implementation of a protocol to manage remote devices with access to exchange accounts, Implementation of server password policies, Implementation of automatic screen lock down through user inactivity, Introduction of periodic penetration testing, Password Protection introduced for all electronic documents.”
Daydream Education (Operations Director: Wesley Paetel) “Reviewing and updating all internal cybersecurity awareness and reporting processes, reviewing all third-party anti-virus and malware applications, ensuring system security is reviewed regularly, and reviewing our disaster recovery processes as well as educating staff members about the dangers of cybersecurity and how to become more aware of threats.”
Guardian Property Services Limited (Business Development: Lauren Thomas) “It’s apparent that cybersecurity should be a priority of any business, irrespective of size. Having the right level of knowledge and preparation is vital to minimise and control damage, as well as an understanding of the consequences of a breach and how to recover.”
Health & Her Limited (Marketing Director: Kate Bache) “Collecting, protecting and processing sensitive customer data to improve our understanding in the therapeutic areas of female health, including menopause and menstrual wellbeing.”
Masons Moving Group Limited (Financial Controller: Robert Power) “Protecting the business from online harm is of paramount importance and the Guide has enabled us to implement new security and knowledge to ensure cyber threats are eliminated. These new systems will be monitored frequently and updated when necessary.”
Masons Self Storage Limited (Marketing Manager: James Mason) “The Guide has been extremely helpful in helping our business truly understand the impact cyberattacks can have on a small business. We have ensured brand new office procedures have been put in place with efficient regimes of how we hold and process all types of data.”
PLF Wealth Management Limited (Director: Jeremy Freeman) “Your Guide has made me appreciate the myriad of potential cybersecurity attacks that my small firm has to be aware of, and the steps we as a company need to take to protect our data and network from becoming a victim of these attacks. As a small business our in the financial services arena, we control large amounts of personal data and sensitive data which could make us a viable target to such attacks.”
The Business Centre (Cardiff) Limited (Centre Manager: Emma Mason) “Reading the Guide has given me great knowledge on how to protect our business from online harm. Using this knowledge has enabled us to put new office processes and procedures in place to ensure that we are protected. We have looked closely at how we hold and process our data.”
IP crime is traditionally viewed as counterfeiting (false branding) and piracy (illegal copying) but cybercriminals (& some state players) are increasingly coming to recognise the value of confidential data held by businesses, be it sensitive information about the business operation (trade secrets) or customer information such as passwords and credit card details (made even more topical with the arrival of the EU General Data Protection Regulation 2016).
These attacks on confidential data are happening globally with increasing rapidity and ever more complexity. Zero-day vulnerabilities (where hackers have discovered and exploit a software security breach before a fix is available) are increasing exponentially.
In response our award-winning business support initiative IP Wales has launched a new Online Initiative 2017-2020, the aim of which is to help small/medium sized enterprises (SMEs) to protect their IP from online threats.
SMEs are particularly vulnerable to cyberattack, with our research (commissioned by the Welsh Government) showing that many take little or no precautions against cyber threats, in the mistaken belief that they are too small to attract the cybercriminal’s attention, or that they don’t possess any data worth stealing. Examples of cyberattacks on SMEs have included:-
• IP ‘Theft’ (i.e. trade secrets), the loss of which seriously undermines a company’s attractiveness to both investors and prospective buyers of the business.
• Ransoming of Data, where the business is coerced into paying off hackers in order to retrieve or access stolen or encrypted data.
.• ‘Theft’ of Customer Data (including payment details) which exposes the business to lawsuits, regulatory fines for improper handling of personal data, and reputational damage.
Our website www.ipcybersecurity.co.uk is dedicated to helping SME Boards of Directors to better understand and better protect their business from this increasing threat of IP cybercrime. It also acts as a repository for our research into emerging trends in Cyber-Risk oversight, offering free Briefing Guides for the IP Service Community (IP active Solicitors and Patent Attorneys) on:-